Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp1361314imu; Tue, 20 Nov 2018 16:34:20 -0800 (PST) X-Google-Smtp-Source: AJdET5fI0fQuurP+9iAjR9EgvrOcnyMUo4NqyQMBuQNDTxgxxnXo0Q2WCFnxrwvvtfEgwARGDWWP X-Received: by 2002:a62:5881:: with SMTP id m123-v6mr4564449pfb.160.1542760460525; Tue, 20 Nov 2018 16:34:20 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1542760460; cv=none; d=google.com; s=arc-20160816; b=dLsbghYDC8K7PXES+V+etKS8w8dW0nVGIdOkcvxGu9l9zy16lEDaZSlj6DWM6YQ06F 140sFD34z3GfpbHxgWump/dUI45ZbxOnUhoMvLa+dvYi2LtaD8lAzCxMqaCLydaJZe/L OFBqQXQZukvUP/f8QJR+7hMboFzyZvdFQbg2Y4KUtp/S/Jr9/cL7iY10n6NemES9ZTDd QI4Ar1yQAOZel+5qPa+ndSWLDOxS4aZ2eg4EIigNJeAVv8m2aYdj5GxXx8Qc6MQ5S+z5 8Ql1/GhAoSIj12KIc4BFdXL7QQEIa8PHR8DnoT8sxYWN4BY85im/tWzn4/bqKrSv42G9 4Fig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:organization:from:references:to:subject:cc :dkim-signature; bh=l0faow3B73yoICoATHRDlt3IMCmGORV26A1N3TLVngk=; b=nMzbMKUMTYoF+rENggWZhYGHxOsCEyEsCprgrkCXetZb+J0fUSu6HHpc3DhcafdqpE SMzzzBVULmVDs7e74tn/iolVNHqokvlTFwDignAgI/dmwjLtxtZcWMshsQG1ERkNmcBQ m3G7op/IKpWJSzLRcZFcaRAPn1lEjab+sXf3t7/k4ZIfMRNYm8KRH1jNL2GMvdoiDLTN v+Y5h+WKZyCnhLajIqBPnkCL77Dg3OSLKC58t09NaXHu0dT9R2D97eGYHVt8iDTLQa5C IAWOvHCma8yKc3wQc6bSIjYti7KuCDvRoXSFEW+TQkK5hUFe9ZMF3RQXKPKQuDDqZ/f4 tQsw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=FFINfVlJ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h13si21024837pgs.17.2018.11.20.16.34.03; Tue, 20 Nov 2018 16:34:20 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=FFINfVlJ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726290AbeKUKui (ORCPT + 99 others); Wed, 21 Nov 2018 05:50:38 -0500 Received: from mail-qk1-f194.google.com ([209.85.222.194]:33413 "EHLO mail-qk1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726062AbeKUKui (ORCPT ); Wed, 21 Nov 2018 05:50:38 -0500 Received: by mail-qk1-f194.google.com with SMTP id o89so4005408qko.0 for ; Tue, 20 Nov 2018 16:18:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=cc:subject:to:references:from:organization:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=l0faow3B73yoICoATHRDlt3IMCmGORV26A1N3TLVngk=; b=FFINfVlJqb8xyfLfnWWh0PpxsH4bMuhxJ1NMJsuWF27PfU6M/NVOaUv25axrJoINaR 0zhPgTNMyzltC3iBQFpYSvlt6q+ziP0nm3gVVIUcDyYxcTAnem++3fa5Up3tCMJXbbx2 WXeEKTzLquYsPEKgZeeoRphbJQnrmBxBI+gQE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:cc:subject:to:references:from:organization :message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=l0faow3B73yoICoATHRDlt3IMCmGORV26A1N3TLVngk=; b=HSzTtY7cXeQhN9LCfx+d9ohCxn8bwX7noblAOQGMDfhSjXxKoB89D2uKACbf0trS/x Sk/pDsRy1HETESKKoc3JJDqNbp3Yy/VlPFhH92OhdotJ0uqutsGQCh7Qch1GxAVgYmWo zVRwN3Bmk6NX6HrEChvCc6UE4YTv3gFt/cvPd41CWEHEH+2OsPL9YpAf2/3Yn3tGS6De 4hdKT7lQUnkY+6eJhKIRroUvxEK0rpeb8U5nhUa/ONFRHjGTjEcQhlqaakCNrOU0dB71 Mpt4k3AYXuY3LcgjEGt+7StX7GuTMKxMDH8NB1p2TBNn65dT9CECzzaYFOAFKee4/BMT GX9g== X-Gm-Message-State: AA+aEWbmSMwrn/2h9grbYyFrMYH0ddlIhuK+Nsotv/umDza1eNzWNgun oZk1y9iAT13zlnr3A1juHxTWAA== X-Received: by 2002:ae9:e895:: with SMTP id a143mr3548881qkg.242.1542759524854; Tue, 20 Nov 2018 16:18:44 -0800 (PST) Received: from [192.168.48.13] ([168.194.163.17]) by smtp.gmail.com with ESMTPSA id z196sm25567711qkz.37.2018.11.20.16.18.41 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 20 Nov 2018 16:18:44 -0800 (PST) Cc: Rafael David Tinoco , broonie@kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, minchan@kernel.org, ngupta@vflare.org, sergey.senozhatsky.work@gmail.com Subject: Re: [PATCH v2] mm/zsmalloc.c: Fix zsmalloc 32-bit PAE support To: linux@armlinux.org.uk References: <20181025134344.GZ30658@n2100.armlinux.org.uk> <20181121001150.405-1-rafael.tinoco@linaro.org> From: Rafael David Tinoco Organization: Linaro Message-ID: <91776bf8-0d12-1cc4-1ffb-ca3c486aeb0b@linaro.org> Date: Tue, 20 Nov 2018 22:18:40 -0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.3.0 MIME-Version: 1.0 In-Reply-To: <20181121001150.405-1-rafael.tinoco@linaro.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 11/20/18 10:11 PM, Rafael David Tinoco wrote: > On 32-bit systems, zsmalloc uses HIGHMEM and, when PAE is enabled, the > physical frame number might be so big that zsmalloc obj encoding (to > location) will break, causing: > > BUG: KASAN: null-ptr-deref in zs_map_object+0xa4/0x2bc > Read of size 4 at addr 00000000 by task mkfs.ext4/623 > CPU: 2 PID: 623 Comm: mkfs.ext4 Not tainted 4.19.0-rc8-00017-g8239bc6d3307-dirty #15 > Hardware name: Generic DT based system > [] (unwind_backtrace) from [] (show_stack+0x20/0x24) > [] (show_stack) from [] (dump_stack+0xbc/0xe8) > [] (dump_stack) from [] (kasan_report+0x248/0x390) > [] (kasan_report) from [] (__asan_load4+0x78/0xb4) > [] (__asan_load4) from [] (zs_map_object+0xa4/0x2bc) > [] (zs_map_object) from [] (zram_bvec_rw.constprop.2+0x324/0x8e4 [zram]) > [] (zram_bvec_rw.constprop.2 [zram]) from [] (zram_make_request+0x234/0x46c [zram]) > [] (zram_make_request [zram]) from [] (generic_make_request+0x304/0x63c) > [] (generic_make_request) from [] (submit_bio+0x4c/0x1c8) > [] (submit_bio) from [] (submit_bh_wbc.constprop.15+0x238/0x26c) > [] (submit_bh_wbc.constprop.15) from [] (__block_write_full_page+0x524/0x76c) > [] (__block_write_full_page) from [] (block_write_full_page+0x1bc/0x1d4) > [] (block_write_full_page) from [] (blkdev_writepage+0x24/0x28) > [] (blkdev_writepage) from [] (__writepage+0x44/0x78) > [] (__writepage) from [] (write_cache_pages+0x3b8/0x800) > [] (write_cache_pages) from [] (generic_writepages+0x74/0xa0) > [] (generic_writepages) from [] (blkdev_writepages+0x18/0x1c) > [] (blkdev_writepages) from [] (do_writepages+0x68/0x134) > [] (do_writepages) from [] (__filemap_fdatawrite_range+0xb0/0xf4) > [] (__filemap_fdatawrite_range) from [] (file_write_and_wait_range+0x64/0xd0) > [] (file_write_and_wait_range) from [] (blkdev_fsync+0x54/0x84) > [] (blkdev_fsync) from [] (vfs_fsync_range+0x70/0xd4) > [] (vfs_fsync_range) from [] (do_fsync+0x4c/0x80) > [] (do_fsync) from [] (sys_fsync+0x1c/0x20) > [] (sys_fsync) from [] (ret_fast_syscall+0x0/0x2c) > > when trying to decode (the pfn) and map the object. > > That happens because one architecture might not re-define > MAX_PHYSMEM_BITS, like in this ARM 32-bit w/ LPAE enabled example. For > 32-bit systems, if not re-defined, MAX_POSSIBLE_PHYSMEM_BITS will > default to BITS_PER_LONG (32) in most cases, and, with PAE enabled, > _PFN_BITS might be wrong: which may cause obj variable to overflow if > frame number is in HIGHMEM and referencing a page above the 4GB > watermark. > > commit 6e00ec00b1a7 ("staging: zsmalloc: calculate MAX_PHYSMEM_BITS if > not defined") realized MAX_PHYSMEM_BITS depended on SPARSEMEM headers > and "fixed" it by calculating it using BITS_PER_LONG if SPARSEMEM wasn't > used, like in the example given above. > > Systems with potential for PAE exist for a long time and assuming > BITS_PER_LONG seems inadequate. Defining MAX_PHYSMEM_BITS looks better, > however it is NOT a constant anymore for x86. > > SO, instead, MAX_POSSIBLE_PHYSMEM_BITS should be defined by every > architecture using zsmalloc, together with a sanity check for > MAX_POSSIBLE_PHYSMEM_BITS being too big on 32-bit systems. > > Link: https://bugs.linaro.org/show_bug.cgi?id=3765#c17 > Signed-off-by: Rafael David Tinoco > --- > arch/arm/include/asm/pgtable-2level-types.h | 2 ++ > arch/arm/include/asm/pgtable-3level-types.h | 2 ++ > arch/arm64/include/asm/pgtable-types.h | 2 ++ > arch/ia64/include/asm/page.h | 2 ++ > arch/mips/include/asm/page.h | 2 ++ > arch/powerpc/include/asm/mmu.h | 2 ++ > arch/s390/include/asm/page.h | 2 ++ > arch/sh/include/asm/page.h | 2 ++ > arch/sparc/include/asm/page_32.h | 2 ++ > arch/sparc/include/asm/page_64.h | 2 ++ > arch/x86/include/asm/pgtable-2level_types.h | 2 ++ > arch/x86/include/asm/pgtable-3level_types.h | 3 +- > arch/x86/include/asm/pgtable_64_types.h | 4 +-- > mm/zsmalloc.c | 35 +++++++++++---------- > 14 files changed, 45 insertions(+), 19 deletions(-) Russel, I have tried to place MAX_POSSIBLE_PHYSMEM_BITS in the best available header for each architecture, considering different paging levels, PAE existence, and existing similar definitions. Also, I have only considered those architectures already having "sparsemem.h" header. Would you mind reviewing it ? Tks -- Rafael D. Tinoco Linaro Kernel Validation